Privacy Notice

1. Introduction

Data protection is a question of trust, and your trust is important to us. At NetGuardians SA (we, our or NetGuardians), we respect your private life and privacy. It is a major concern for us that your personal data is treated in a responsible manner and in compliance with the legal requirements.

This privacy notice (Privacy Notice) describes how we process your personal data when you interact with us while our using Corporate Fraud Prevention solution (the Solution), and the services we provide through the Solution (together with the provision of the Solution, our Services). We may also have additional privacy notices that apply in specific circumstances.

This Privacy Notice applies to and constitutes an integral part of a contract if it is listed in a contract document as an integral part thereof or referred to in the applicable General Terms & Conditions (GTC).

By using our Services, or otherwise providing us your information, you expressly acknowledge that we may process your personal data in accordance with this Privacy Notice.

2. Short Version

The following is a summary of (but not a replacement for) this Privacy Notice:

  • Our role.

    We, NetGuardians SA, are responsible for the processing, as controller, of your personal data (but not for the activities of third party providers) (see section 3);

    However, if we process your personal data to provide services to an organization to which you are affiliated (your Organization), we will generally act as data processor for that Organization. You must refer to your Organization’s privacy policy for information about its processing activities (see section 7).

  • Data we collect.

    We collect the information which is provided to us by you or your Organization. We also automatically collect technical information when you interact with the Services (see section 4);

  • How we use it.

    We process your personal data in compliance with Swiss laws and other data protection laws applicable to us. This means that we will only process your information where we have a legal basis to do so (see sections 5), and only for certain reasons (mainly for providing our Services, operating our Solution, and for the other legitimate purposes indicated in this Privacy Notice) (see section 6);

  • Control and Access.

    Your personal data is stored in Switzerland and/or the European Union. We do not share it with third parties or transfer it abroad unless this is both necessary for the operation of our Services and permitted by applicable laws. This may for instance be the case when we use service providers or must interact with third parties to conduct our professional activities (see sections 7 and 9);

  • Retention.

    We do not store your personal data for longer than necessary for us to fulfill the purposes set out in this Privacy Notice (see section 10);

  • Security.

    We apply security measures and strive to protect your personal data. However, no IT infrastructure is completely secure and we cannot guarantee that ours is (see section 11);

  • Your rights.

    You may contact us (info@netguardians.ch) to exercise your rights pertaining to your personal data (see sections 13 and 14).

3. Who is responsible for the processing of your personal data

NetGuardians SA, Avenue des Sciences 13, 1400 Yverdon-les-Bains, Switzerland, is responsible for the processing, as controller, of your personal data. You will find our contact details below in section 12.

This Privacy Notice only applies to data processing undertaken by or on behalf of us. Whilst we may provide links to third party websites, contents, or services, we are not responsible for their policies in relation to personal data. In such circumstances, the collection and use of your personal data are governed by the privacy policy of those third party providers, which you should carefully review to learn more about their personal data processing practices.

As further detailed in this Privacy Notice, we may process your personal data in connection with the professional Services we provide to your employer, respectively the organization to which you are affiliated in any other way (each an Organization). This Privacy Notice does not govern how your Organization processes your personal data through the Services. You must refer to your Organization’s policies. Please see section 7 below for additional information in this respect.

4. How we collect your personal data

We collect the personal data you provide us, or which is provided by your Organization.

We collect the personal data that you provide to us when interacting with us and/or using our Services, for example when you create and/or manage your account, use our Solution, and communicate with us.

It is only mandatory that you complete the data fields identified by an asterisk. If one or more mandatory data fields are not completed, we will not be able to provide access to our Services. You are not required to complete the optional data fields in order to access our Services.

5. How we use your data

We process your personal data in compliance with applicable law, in particular Swiss data protection laws and, to the extent they apply to us, other data protection legislations, manually or automatically using computer tools.

This means that we will only process your information for certain specific reasons (see Section 7) and only where we have a Legal Basis to do so.

Here is what each of these legal basis is:

  • Contractual Necessity: the processing is necessary to fulfill our contractual obligations to you or to take pre-contractual steps at your request. This is particularly the case in particular when processing your personal data is strictly required to provide you with the Services.
  • Legitimate Interest: the processing is necessary for the fulfillment of our legitimate interests, and only to the extent that your interests or fundamental rights and freedoms do not require us to refrain from processing.
  • Consent: we have obtained your prior consent in a clear and unambiguous manner. Consent given can be withdrawn at any time, but this does not affect data processed prior to withdrawal.
  • Legal Obligation: the processing is necessary to comply with our legal or regulatory obligations.

What about the “processor position”?

When we act as processor for an Organization you are affiliated to, our processing of your personal data is governed by the agreement between us and your Organization (see section 7).

6. Why we use your data

We process your personal data for the following reasons:

To provide our Services, operate the Solution and for customer management purposes.

We mainly process your personal data to provide the Solution and the Services, based on our Contractual Necessity to do so, including for creating and maintaining a user account, interacting with you, providing you with the requested information and Services, and for related customer management purposes (such as invoicing).

  • Contacting you and responding to your queries. You have the option of contacting us via the Solution. In this context, we process the data which you provide to us (including your contact information and the subject-matter of the request). This data is used for the purpose of providing you with the requested information and services, based on our Contractual Necessity.The retention period depends on the reason for your request and its context. Requests are, as a rule, retained for 3 months, unless there is legal ground for retaining them longer (such as evidentiary or tax purposes).
  • Providing maintenance and support. We use data to maintain our Services, troubleshoot and diagnose problems, and to provide customer support services.
  • Customer and supplier management. if we are in a business relationship with your Organization or you directly, we process the personal data that is necessary for our customer or supplier management, as well as for the following other related purposed, including (i) to carry out the transactions in which we are engaged (ii) process your orders (iii) to interact with you, for instance to reply to your inquiries; (iv) to track our activities (measuring sales, our work time, etc.); and (v) to manage our archiving and records.

    The personal data that we process in this context includes: (i) personal data about individuals with whom we interact, such as the name, title, position, company name, email and/or postal address and the professional fixed and/or mobile phone number; (ii) personal data relating to our interactions and the services provided; (iii) any other information provided to us by you, your Organization, or third parties.

    If you are our direct customer, our basis for processing the data is our Contractual Necessity. In other cases (e.g. if you are a representative of one of our customers), it is our Legitimate Interests in delivering our Services to our customers.

    The personal data which we must retain for record-keeping, tax or another legal obligation will, as a rule, be kept for the duration of the contractual relationship and thereafter for a period of 10 years (or such other retention period as applicable). Shorter retention periods apply for personal data which must not be retained for the above reasons.

For our legitimate business interests related to the provision of the Services, including to ensure the security of the Services, improve our Services, as well as for monitoring or statistical purposes.

We may also process your personal data for our legitimate business operations related to providing our Services, which include (i) ensuring that our Services are provided in an efficient and secure way (e.g. through internal analysis of the Services’ stability and security, updates and troubleshooting); (ii) protecting the security of our IT systems, architecture and networks; (iii) benefiting from cost-effective services (e.g. we may opt to use certain services offered by suppliers rather than undertaking the activity ourselves); (iv) improving and developing the Services (including monitoring the use of our Services, and for statistical purposes); and (v) achieving our corporate goals).

When doing so, we generally rely on our Legitimate Interests. We may also process your data when we have obtained your prior unambiguous Consent. You may withdraw your consent, respectively object to such processing activities, at any time.

Additional information on the processing of your personal data for our legitimate business operations:

  • Protecting the security of our IT systems, architecture and networks. We use data to protect the security of our IT systems, architecture and networks.
  • Internal analysis and statistical purposes to improve our Services. Also, we may process your personal data, in particular data relating to your use of our Services and your habits and preferences (e.g. the number of payment verifications that have been requested by a given Organization), for internal analysis and statistical purposes, in order to better understand the needs of our users, to optimize their experience, and in general to improve the ergonomics and functionality of our Services.
  • Data anonymization. We may combine your personal data with other information (aggregate) or erase any information that allows us to identify you (anonymize), so that it is no longer considered personal data under applicable data protection law, in which case this Privacy Notice will no longer apply and we may use such data for purposes not contemplated by this Privacy Notice (e.g. for benchmarking or analytics purposes, or to develop and market new services). You may object to the anonymization or aggregation of your personal data for this purpose at any time (see section 13 below for additional information on your rights).

For marketing our Solution and Services, including for providing you with targeted information or advertisements based on your interactions with the Solution.

We process your personal data for marketing purposes such as general customer communications and the personalization of offers from us.

When doing so, we generally rely on our Legitimate Interests. We may also process your data when we have obtained your prior unambiguous Consent. You may withdraw your consent, respectively object to such processing activities, at any time.

  • Data we process. The data we process in this context may include
    • Identification and contact data such as your first name and surname, telephone number, e-mail address, and profession;
    • User activity data such as the type of our products and services that you use, the type and extent of your usage thereof, user preferences, user service information such as service requests;
  • Sending you emails. We may contact you by email to inform you about our activities if you have previously subscribed for the use of our Services, if you have not objected to the corresponding use of your email address. You can object to the use of your email address for this purpose at any time by contacting us (see contact detail in section 14). The legal basis for the corresponding processing of your data is our Legitimate Interest to advertise certain sales offers and activities relating to our previous interactions with you.
  • Profiling. To enable us to provide you with advertising, communications and offers better tailored to your needs as a customer, we create customer segments and customer profiles. To this end, we combine and analyze the data relevant for our marketing purposes.

To comply with our other legal obligations or for other legitimate interests.

We may further process your personal data if we have a Legal Obligation to do so or for other Legitimate Interests. This will for instance be the case if we need to disclose certain information to public authorities or retain such information for tax or accounting purposes, or for the establishment, exercise or defense of legal claims.

The personal data that we process for this purpose are those that we collected for one of the purposes indicated elsewhere in this section 6. We retain the personal data for the duration of the legal obligation imposed on us.

7. Our Operations with Your Organization

If you are an end user of a Service we provide to your Organization, or if we process for any other reason your personal data on behalf of your Organization (for instance, if you are not a user, but your personal data is provided to us by your Organization), please read the following:

  • In the situations described above, our processing of your personal data is governed by a contract between us and your Organization. We will process your personal data as data processor for the providing of our Services to your Organization which is our customer, or in some cases, as a controller for our legitimate business operations related to providing those Services, as detailed in this Privacy Notice.
  • This Privacy Notice does not address how your Organization collects and uses your personal data or how we process your data when we act as processor for your Organization. Please refer to your Organization’s privacy policy for information about its processing activities.
  • If you would like to make any requests or queries regarding our processing of your personal data on behalf of your Organization, please contact your Organization directly. If we are requested by your Organization to remove your personal data, we will respond to such request in a timely manner upon verification and in accordance with applicable law. If you have questions about our legitimate business operations in connection with providing Services to your Organization, please contact us as described in section 14.

8. The circumstances in which we share your personal data with third parties

We may share your personal data with third parties if this is necessary for the operation of our Services, if there is a legal obligation or permission to do so, or if there is another valid reason to do so.

  • Our service providers. We may share your personal data with third parties in connection with the operation of the Services or our business operations and with subcontractors such as IT service providers, cloud service providers, database providers, automated marketing solutions providers and consultants, including OVHcloud (hosting), Hubspot (hosting/CRM), and others.
  • Legal reasons. We may also disclose your personal data where we have a legitimate interest in doing so, for example (i) to respond to a request from a judicial authority or in accordance with a legal obligation; (ii) to bring or defend against a claim or lawsuit; or (iii) in the context of restructuring, in particular if we transfer our assets to another company.

9. International Transfers

We store your personal data on servers located in Switzerland and/or the European Union. In principle, we do not transfer your personal data to other countries or make it available there. However, in certain circumstances, in particular in connection with the operations of our subcontractors, your personal data may be made available to recipients located abroad. In such cases, we will ensure that suitable safeguards are in place, in accordance with applicable data protection laws, for instance by relying on standard contractual clauses adopted by the European Commission.

If you transmit information and data to us, you are expressly deemed to consent to such data transfers. You may request additional information in this regard and obtain a copy of the relevant safeguards upon request by sending a request to the contact address indicated in section 14 below.

10. How long we store your personal data

Your personal data will not be stored longer than necessary.  We will erase or anonymize personal data as soon as it is no longer necessary for us to fulfill the purposes set out in section 6 of this Privacy Notice. This period varies, depending on the type of data concerned and the applicable legal requirements. More information on each type of processing can be found in section 6 above.

Your account information is retained for as long as your account is active. If you suppress your user account, your account information will be deleted or anonymized within 30 days after such event, unless data must be retained for a valid reason (such as evidentiary or tax purposes). Please note that some information about you may have to be retained for the duration of our contractual relationship with your Organization, even if your account is terminated (see section 7).

In view of the legal obligations incumbent upon us, certain information relating in particular to the contractual relationship must be retained for at least 10 years.

11. Security

We maintain physical, technical and procedural safeguards to keep your personal data secure.

We are committed to the security of your personal data, and have in place physical, administrative and technical measures designed to keep secure your personal data and to prevent unauthorized access to it. We restrict access to your personal data to those persons who need to know it for the purpose described in this Privacy Notice.

Although we take appropriate steps to protect your personal data, no IT infrastructure is completely secure. Therefore, we cannot guarantee that data you provide to us is safe and protected from all unauthorized third-party access and theft. We waive any liability in this respect.

The internet is a global environment. As a result, by sending information to us electronically, such data may be transferred internationally over the internet depending upon your location. Internet is not a secure environment and this Privacy Notice applies to our use of your personal data once it is under our control only. Given the inherent nature of the internet, all internet transmissions are done at your own risk.

If we have reasonable reasons to believe that your personal data have been acquired by an unauthorized person, and applicable law requires notification, we will promptly notify you of the breach by email (if we have it) and/or by any other channel of communication (including by posting a notice on the Solutions).

12. Your rights with regard to the processing of your personal data

You have the right to access your personal data we process and may request that they be removed, updated, or rectified.

If you are using a Service provided by your Organization, you should direct your privacy inquiries relating to our use of your personal data on behalf of your Organization, including any requests to exercise your data protection rights, directly to your Organization’s contact person.

In other cases, you may contact us directly to exercise your rights. Unless otherwise provided by law, you have the right to know whether we are processing your personal data, to know the content of such personal data, to verify its accuracy, and to the extent permitted by law, to request that it be supplemented, updated, rectified or erased. You also have the right to ask us to cease any specific processing of personal data that may have been obtained or processed in breach of applicable law, and you have the right to object to any processing of personal data for legitimate reasons.

If you request us to delete your personal data from our systems, we will do so unless we need to retain your data for legal or other legitimate reasons. Please note that any information that we have copied may remain in back-up storage for some period of time after your deletion request.

Where we rely on your consent to process your personal data, we will seek your freely given and specific consent by providing you with informed and unambiguous indications relating to your personal data. You may revoke at any time such consent (without such withdrawal affecting the lawfulness of processing made prior to).

The above does not restrict any other rights you might have pursuant to applicable data protection legislation under certain circumstances.

You will find further details of your rights in sections  5 and 6 and  of this Privacy Notice in connection with each processing activity we perform. If you want to exercise any of your rights, or want additional information about them, please contact us using the contact detailed listed below (see section 14).

You have the right to lodge a complaint with the competent authority.

If you are not satisfied with the way in which we process your personal data, you may lodge a complaint with the competent data protection supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, in addition to the rights described above.

Although this is not required, we recommend that you contact us first, as we might be able to respond to your request directly.

13. Contact Us

If you believe your personal data has been used in a way that is not consistent with this Privacy Notice, or if you have any questions or queries regarding the collection or processing of your personal data, please contact us at info@netguardians.ch.

14. Updates to this Privacy Notice

This Privacy Notice may be subject to amendments. Any changes or additions to the processing of personal data as described in this Privacy Notice affecting you will be communicated to you through an appropriate channel, depending on how we normally communicate with you (including by email and/or via the Solutions, e.g. banners, pop-ups or other notification mechanisms). If you do not agree to the changes made, you must stop accessing and/or using the impacted Services.

Last updated: 31.01.2022

Contact us
Switzerland

+41 24 425 97 60

info@netguardians.ch

Singapore

+65 6224 0987

Kenya

+254 796 616 263

News

Intix & NetGuardians have united to form Vyntra: A global leader in
pro-active financial crime prevention and real-time transaction observability.

For more information, and for the latest news about Vyntra, go to www.vyntra.com

LEARN MORE
Vyntra visual